Blog_mini is an open source blogging system. blog_mini version 1.0 has a cross-site scripting vulnerability, the vulnerability originates from the component /admin/custom/blog-plugin/add for parameters without effective validation and escaping, attackers use the vulnerability to execute arbitrary code.